
Virus Alert: Mutant Beagle on the loose

by
25th Dec 2005

Warning

A new variant of January's Beagle/Bagel worm virus was identified by Net security specialists on Tuesday.

First encountered by our email filter as "W32.Alua@mm", it was later identified as W32.Beagle.B@mm by Symantec and assigned a level 3 threat - quite a high threat rating for a worm on its initial discovery.

W32.Beagle.B@mm is a mass-mailing worm that arrives with a subject line beginning "ID" followed by six random characters and the word "thanks".

Like the first Beagle variant, the attachment is a random number of characters with an .exe suffix. If activated, it will open a backdoor on the PC's port 8866 and insert itself into the Windows registry.

Other offshoots of virus outbreaks from January and before have continued to circulate around the Web, with Mimail and Lovelorn variants landing in our inbox.

A critical vulnerability report from Microsoft added to the jitters last week. It acknowledged a weakness in the Microsoft ASN.1 Library that could leave PCs running Windows NT, Windows 2000, Windows XP and Windows Server 2003 open to remote access by hackers or exploitation by worms designed along the lines of last year's Blaster virus.

With so many viruses sloshing around, and new ones said to be imminent, be sure to apply the following anti-virus recommendations from Symantec:

  • Turn off and remove unneeded services. Non-critical services such as an FTP server, telnet, and a Web server are vulnerable to attack. Removing them reduces the threat from "blended" threats.
  • If a blended threat exploits one or more network services, disable or block access to those services until a patch is applied.
  • Always keep your security patch levels up-to-date, especially on computers that host public services and are accessible through the firewall.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses.

For further guidance on information security, see Stewart Twynam's excellent series of articles in Business Management Zone.
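The attachment-blocking recommendation above, combined with the subject line the article describes, can be sketched as a mail-filter check. This is an added example, not code from the article or from Symantec; the function names, the subject regex (a guess at the exact layout of the subject) and the sample message are assumptions.

```python
import re
from email import message_from_string, policy

# Extensions the article's list names as commonly used to spread viruses.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}
# Assumed reading of the article's description: "ID", six non-space characters,
# optional punctuation or spaces, then "thanks". The separators are a guess.
BEAGLE_B_SUBJECT = re.compile(r"^ID\s*\S{6}\W*thanks\b")

def blocked_attachments(msg):
    """Return attachment filenames whose final extension is on the block list."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so drop them before comparing.
        cleaned = name.rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension counts, so "invoice.pdf.scr" is still caught.
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def evaluate(raw_message):
    """Return (action, reasons) for one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    bad = blocked_attachments(msg)
    reasons = ["blocked attachment type: " + n for n in bad]
    if BEAGLE_B_SUBJECT.search(str(msg.get("Subject", ""))):
        reasons.append("subject matches the Beagle.B description")
    # A blocked attachment is quarantined; a subject match alone is only flagged.
    action = "quarantine" if bad else ("flag" if reasons else "deliver")
    return action, reasons

# Constructed sample message (not a captured worm email).
SAMPLE = (
    "From: a@example.com\nTo: b@example.com\n"
    "Subject: ID qwkzpt... thanks\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nconstructed body\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="xkqpmzr.EXE"\n'
    "Content-Transfer-Encoding: base64\n\nTVo=\n--b1--\n"
)

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Matching on the attachment type rather than the subject keeps the rule effective against later variants that change their wording.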
